Re: Manage user account service password ?
- From: "Joe Kaplan" <joseph.e.kaplan@xxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Thu, 30 Aug 2007 10:13:26 -0500
The hard part is getting all of the persisted passwords updated in the
various places they are stored. They all aren't just Windows services, but
are often stored in configuration files, used by IIS or sucked into random
vendor apps and stored who knows how.
The only way to deal with that part of it in general is very careful
documentation and change control processes. It is also a good idea to try
to enforce "single use" for service accounts so that you don't have to try
to change multiple passwords in multiple different places simultaneously, as
that can easily lead to lockout issues.
2008 server with fine-grained password policy will at least make some of
those issues easier to deal with (disabling lockout for service accounts and
enforcing stronger passwords to compensate).
Joe K.
--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"net_admin" <netadmin@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:41C1EFFD-8113-4134-888E-2EC3FAB37CC0@xxxxxxxxxxxxxxxx
1. Have a controlled list of all svc accounts in the domain;
2. The recommended pratice is to set svc accounts pwd to never expire;
3. When you need to massively change the pwds, you can use a reskit tool
called cusrmgr. You will have the option to set random pwds.
Good luck.
--
NetAdmin <São Paulo, BR>
.
- References:
- Manage user account service password ?
- From: Pascal
- Manage user account service password ?
- Prev by Date: Re: Active Directory could not create the NTDS Settings object for this domain controller
- Next by Date: Re: "Last logon time" & "Last time the account was authenticated by AD
- Previous by thread: Re: Manage user account service password ?
- Next by thread: Re: "Last logon time" & "Last time the account was authenticated by AD
- Index(es):
Relevant Pages
|
